Operating System - HP-UX
1839290 Members
2656 Online
110138 Solutions
New Discussion

Re: Configuring dhcp - dhcpdeny

 
SOLVED
Go to solution
Steven Schladale
Occasional Advisor

Configuring dhcp - dhcpdeny

One of our users appears to have hardcoded an IP Address from the dhcp pool on there PC. I'm not sure who the user is but I have their MAC address. I been reading about dhcpdeny and wonder if putting their MAC address in this config file would stop them from getting a network connection. Once they can't get onto the network they will show up asking why. At that point the problem of hardcoding IP Addreses can be corrected.

Also if the format of the dhcpdeny could be explained. What values go in which of the three columns...

Thanks,
Stev
4 REPLIES 4
S.K. Chan
Honored Contributor
Solution

Re: Configuring dhcp - dhcpdeny

I think all you have to do is enter the MAC addresses that you want to deny separated by spaces into the /etc/dhcpdeny file (in hex of course). Personally I haven't done this before because the version of bootpd that I had does not support the "dhcpdeny" file. It only understand "dhcpallow" file. You might want to check this first before creating "dhcpdeny" file. I noticed on a 10.20 system this is not supported but on 11.x it's fine. Do this to make sure ..
# cd /usr/lbin
# strings bootpd|grep -i dhcpdeny
===> if you get nothing back it means "dhcpdeny" won;t work.
Pete Randall
Outstanding Contributor

Re: Configuring dhcp - dhcpdeny

Steven,

I checked my 11.0 servers as S.K. suggested and got nothing. The man page for bootpd on 11.0 contains nothing about dhcpdeny. However, my 11.11 workstations have the following section in the man pages for bootpd:

Dhcpdeny Configuration
The configuration file /etc/dhcpdeny contains the list of hardware
addresses, one address per line, for clients that will not be served
by our server. If we know about some bad clients in the network and we
don't want to serve them, add the hardware address of those clients in
this file. This file, like other configuration files, takes #
character as the starting of a comment.

It looks to me like you need to be at 11i to use this feature.

Good luck,
Pete

Pete
Dave Unverhau_1
Honored Contributor

Re: Configuring dhcp - dhcpdeny

Steven,
I don't think that dhcpdeny is going to allow you to accomplish your goal in any case. You mentioned that you want this person with the hard coded IP address to not get network connectivity and this approach is simply going to deny assignment of an IP address via DHCP. (This person has already hard-coded the address, so they won't be affected...)

I think you're going to need to do some more sleuthing to get this resolved.

If learning the hostname of the PC will help, you might be able to determine it by executing a traceroute command from the command prompt of a PC (e.g. >tracert 192.1.2.3). This may not help if the PC has firewall software running. Also, some versions of Windows won't respond with the Hostname.

If you are running SNMP-based network management software, like HP Openview NNM, you could probably trace the address to a physical port on a managed switch or hub and, if you have a good map of your network, it may lead you right to the offending box.

Another approach would be to remove that address from the DHCP pool temporarily and hard-address some non-critical PC and leave it running on the network. Eventually, the offender will either come looking for help as you suggested (if it was an "honest mistake") or they'll borrow a different address.

I hope this helps you get to the bottom of things -- good luck!

Dave
Romans 8:28